Back to search
CVE-2005-1413
Published: May 3, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID parameters to default.asp.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
15964
vdb-entry
x_refsource_OSVDB
13439
vdb-entry
x_refsource_BID
24860
vdb-entry
x_refsource_BID
15173
third-party-advisory
x_refsource_SECUNIA
15966
vdb-entry
x_refsource_OSVDB
15965
vdb-entry
x_refsource_OSVDB
http://securityvulns.ru/Rdocument425.html
x_refsource_MISC
http://digitalparadox.org/viewadvisories.ah?view=37
x_refsource_MISC
1013843
vdb-entry
x_refsource_SECTRACK
20070711 durito: enVivo!CMS SQL injection
mailing-list
x_refsource_FULLDISC
13437
vdb-entry
x_refsource_BID
13440
vdb-entry
x_refsource_BID
envivo-username-password-sql-injection(20313)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now